{"id":163973,"date":"2023-05-15T22:24:17","date_gmt":"2023-05-16T03:24:17","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/05\/break-the-ddos-attack-loop-with-rate-limiting"},"modified":"2023-05-15T22:24:17","modified_gmt":"2023-05-16T03:24:17","slug":"break-the-ddos-attack-loop-with-rate-limiting","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/05\/break-the-ddos-attack-loop-with-rate-limiting","title":{"rendered":"Break the DDoS Attack Loop With Rate Limiting"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/break-the-ddos-attack-loop-with-rate-limiting2.jpg\"><\/a><\/p>\n<p>Distributed denial-of-service (DDoS) attacks are growing in frequency and sophistication, thanks to the number of attack tools available for a couple of dollars on the Dark Web and criminal marketplaces. Numerous organizations became victims in 2022, from the Port of London Authority to Ukraine\u2019s national postal service.<\/p>\n<p>Security leaders are already combating DDoS attacks by monitoring network traffic patterns, implementing firewalls, and using content delivery networks (CDNs) to distribute traffic across multiple servers. But putting more security controls in place can also result in more DDoS false positives \u2014 legitimate traffic that\u2019s not part of an attack but still requires analysts to take steps to mitigate before it causes service disruptions and brand damage.<\/p>\n<p>Rate limiting is often considered the best method for efficient DDoS mitigation: URL-specific rate limiting prevents 47% of DDoS attacks, according to Indusface\u2019s \u201c<a href=\"https:\/\/www.darkreading.com\/application-security\/appsec-playbook-2023-study-of-829m-attacks-on-1-400-websites\" target=\"_blank\">State of Application Security Q4 2022<\/a>\u201d report. However, the reality is that few engineering leaders know how to use it effectively. Here\u2019s how to employ rate limiting effectively while avoiding false positives.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Distributed denial-of-service (DDoS) attacks are growing in frequency and sophistication, thanks to the number of attack tools available for a couple of dollars on the Dark Web and criminal marketplaces. Numerous organizations became victims in 2022, from the Port of London Authority to Ukraine\u2019s national postal service. Security leaders are already combating DDoS attacks by [\u2026]<\/p>\n","protected":false},"author":662,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,38],"tags":[],"class_list":["post-163973","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-engineering"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/163973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/662"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=163973"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/163973\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=163973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=163973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=163973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}